Important Customer Security AlertTo view this message in a language other than English, please click here.

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.Adobe Customer Care

It seems that this is indeed real. I have reset my password but what does this mean regarding credit cards that has been stored. Should the credit card company be contacted or does Adobe do that?

A few months back I had my MasterCard card canceled by the credit card company and a new one issued because it was potentially compromised. They did not tell me details. I would think your credit card company would be responsible dealing with notifications to people who's credit could be in jeopardy.

I phoned my credit card company and they say they know nothing about it and I should contact Adobe. I phoned them but couldn't get through. The credit card company - Mastercard - warned against re setting the password. Confused? I am.

encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

Apparently, what was stolen were encrypted numbers. Maybe hackers will be able to decrypt them, maybe not. Decrypting a single number probably is not such a huge task, but 2.9 millions? Also, it shall be noted that Adobe "believes" (ie, not sure) their decrypted numbers were not compromised.

I phoned my credit card company and they say they know nothing about it and I should contact Adobe. I phoned them but couldn't get through. The credit card company - Mastercard - warned against re setting the password. Confused? I am.

Stamper,

Mastercard advice against resetting the password is based on the usual phishing scam, where a hacker poses as a legitimate site (ie, Adobe) and asks you to go to a legitimately-looking (but actually fake) site and reset your password, asking for your old password along the way.

This event is a real one, and thus resetting your password would be a reasonable move.

As for Adobe contacting your CC company... probably not going to happen. Such level of inter-company co-ordination is probably a distant dream. In many companies, one internal department is often not fully aware what other departments are doing. Just ask federal agencies in the pre-9/11 era (heck, ask them even today).

I do not believe that there are protocols in place to transfer 2.9 million numbers to major credit card companies. That would also require decryption prior to sending (thus increasing the risk).

On the tv news here todays it was said that Adobe are not sure what dats has been hacked yet and are still checking (or words to that effect) we won't know for sure untill all the infos in.I'd suggest checking with your card company, I doubt adobe will contact them all.

I'ld like to give some perspective in order to alleviate the fear being generated in this thread understandably over concerns of ID theft from Adobe's servers being hacked coming from someone who just recently became an ID theft victim in 2012 by way of fraudulent charges placed on my credit card and fake IRS tax returns filed to gain a huge refund using my SSN, home address & DOB.

Here's the skinny...

The money stolen in your name by way of fraudulent accounts and existing accounts you will never be responsible for and will be paid by the financial institution's insurance company. Also the folks who actually use the ID info to commit the actual fraud rarely are caught and prosecuted, so I guess you can see who is the real loser here...the insurance companies.

The only thing the ID theft victim will be burdened with is filling out letters and affidavits to law enforcement on all levels from city, county, state and federal (the FTC) as well as put credit freezes to not only report the crime but also prove it wasn't you that raked up all these charges IOW it's going to be a time consuming experience similar to grant writing or filling out applications for loans with the (SBA) Small Business Administration.

How can I be this blunt about this? I started asking ID theft questions (which I never did before in my entire 54 years) to close to ten random people in my community and financial institution CSR's who all told me of their ID theft experience which varied by dollar amount lost and methods used to commit fraud in their name. They all said they didn't lose money and the perps were never caught or prosecuted.

This is the perfect crime and it scares the hell out of me, but I don't know why.

One never knows with Adobe (after all they once sold a 5000$ e-book protection server any reasonably astute 12 yo could have cracked with a pen a a sheet of paper - basically they used XOR) but if they used decent password protection practices (salted, strong algo - some info here https://crackstation.net/hashing-security.htm) danger isn't that high. If they did not, a lot of them will fall.

Note to Slobodan: reversing a single hash is extremely hard, reversing some of the 2.9 million hashes is potentially much easier. First because you basically have 2.9 million lottery tickets instead of one, but also because the amount of data by itself may leak info on the techniques Adobe uses: for duplicate hashes would indicate identical initial passwords hashed without salt or with a constant salt.

PS: my last Adobe purchase was on the 29th of September and I haven't received a notification from them.

I don't know if it's related, but I've been having login issues, and password reset issues with them all day long. A very long frustrating support chat did not resolve it though they would not stay on long enough to find that out with me. So I will have to start over tomorrow. As of now, I can not access my account. Perhaps they have their hands full, and I will try in a few days.. or perhaps I'm being generous..

... Note to Slobodan: reversing a single hash is extremely hard, reversing some of the 2.9 million hashes is potentially much easier. First because you basically have 2.9 million lottery tickets instead of one, but also because the amount of data by itself may leak info on the techniques Adobe uses: for duplicate hashes would indicate identical initial passwords hashed without salt or with a constant salt...

My question was from the position of uneducated guess. Thanks for clarification.